Arab. J. Math. (2017) 6:297–308 DOI 10.1007/s40065-017-0171-7
Arabian Journal of Mathematics
Mehmet E. Koroglu · Ibrahim Ozbek · Irfan Siap
Optimal codes from Fibonacci polynomials and secret sharing schemes
Received: 25 October 2016 / Accepted: 30 April 2017 / Published online: 25 May 2017 © The Author(s) 2017. This article is an open access publication
Abstract In this work, we study cyclic codes that have generators as Fibonacci polynomials over finite fields. We show that these cyclic codes in most cases produce families of maximum distance separable and optimal codes with interesting properties. We explore these relations and present some examples. Also, we present applications of these codes to secret sharing schemes.

Mathematics Subject Classification 94B05 · 94B15 · 11B39 · 11B50 · 94A62
M. E. Koroglu (B), Department of Mathematics, Yildiz Technical University, Esenler, Istanbul 34220, Turkey
I. Ozbek, Yildiz Technical University, Graduate School, Istanbul 34220, Turkey
I. Siap, Jacodesmath Institute, Istanbul 34040, Turkey

1 Introduction

Error-correcting codes are applied intensively in digital data transfer and storage. For this reason, good error-correcting codes, that is, codes with the best possible parameters (so-called optimal codes) and codes with rich algebraic structures, are important for implementations. Cyclic codes serve such a purpose, and studies on cyclic codes still cover an important part of the area.

A linear code $C$ is a subspace of $V = \mathbb{F}_p^n$, where $\mathbb{F}_p$ denotes the finite field with $p$ elements. The elements of a linear code are called codewords. To detect and correct errors, the Hamming metric is used. Given two elements $u = (u_1, u_2, \ldots, u_n)$ and $v = (v_1, v_2, \ldots, v_n)$ of $V$, the Hamming distance between $u$ and $v$ is the number of places in which they differ, i.e., $d(u, v) = |\{i \mid u_i \neq v_i\}|$. The smallest nonzero Hamming distance among the elements of $C$ is referred to as the Hamming distance of the code $C$ and is usually denoted by $d(C)$ or simply $d$. If $C$ is a linear code over $\mathbb{F}_p$ with dimension $k$ and minimum distance $d$, then $C$ is said to be an $[n, k, d]_p$-code. If an error is detected, i.e., the received word is erroneous, then decoding this word to the closest codeword in $C$ is called the majority decoding method. It is also well known that a linear code with minimum distance $d = 2t + 1$ or $d = 2t + 2$ can correct up to $t$ errors. Given the length and the dimension, finding a linear code with the best possible minimum distance is an important problem, and it is open except in a few special cases.

An inner product of $u = (u_1, u_2, \ldots, u_n)$ and $v = (v_1, v_2, \ldots, v_n)$ on $V$ is defined as usual by $\langle u, v \rangle = \sum_{i=1}^{n} u_i v_i$ in $\mathbb{F}_p$. Then, we can associate a linear code $C^\perp$, called the dual code of $C$, to a code $C$ by $C^\perp = \{v \in V \mid \langle u, v \rangle = 0 \text{ for all } u \in C\}$. If $C$ is a linear code of length $n$ and dimension $k$, then it is well known that $C^\perp$ is a linear code of length $n$ and dimension $n - k$.

In the literature, cyclic codes from sequences defined over some extension fields with special generators have been studied. Sequences over fields or rings in general have many applications such as left shift registers (LSR), coding, cryptography, etc. [17,20]. This avenue of research is partially accomplished by considering some special sequences. In each case, some special sequences are studied to understand the cyclic codes derived from them. Here, we study the cyclic codes derived from Fibonacci sequences. In the literature there are studies where Fibonacci sequences and codes are related, but to the best knowledge of the authors these studies are in different directions compared to the one presented in this paper. An example of such a study is by Lee et al. [11], where linear codes related to Fibonacci sequences are presented and burst error correction of such families is studied. There are further studies that are inspired by Fibonacci sequences [7,10].

In the sequel, we present some basic properties of both Fibonacci sequences and error-correcting codes. In the next section, we relate Fibonacci sequences with cyclic codes and we study the properties of such codes. Moreover, we apply these families of codes to the construction of secret sharing schemes.
1.1 Fibonacci sequences and some properties

In this subsection, we present some basic properties and theorems regarding Fibonacci sequences that will be useful in the following sections.

Definition 1.1 Let $F_0 = 0$ and $F_1 = 1$ be elements of a finite field $\mathbb{F}_p$. Then, the sequence defined by $F_n = F_{n-1} + F_{n-2}$ for $n \ge 2$ is called the Fibonacci sequence in $\mathbb{F}_p$. If we take the first two terms of the sequence as $F_0 = a$ and $F_1 = b$, then the sequence is called a generalized Fibonacci sequence, and we denote it by $\bar{G}(a, b)$.

Definition 1.2 The smallest $t > 0$ such that $F_0 \equiv F_t \bmod p$ and $F_1 \equiv F_{t+1} \bmod p$, where $F_t$ is the $t$th Fibonacci number, is called the Pisano period of $p$, and we denote this period by $l_p$.

For example, the Fibonacci sequence computed in $\mathbb{F}_{11}$ is 0, 1, 1, 2, 3, 5, 8, 2, 10, 1, 0, 1, 1, ..., which implies that the Pisano period $l_{11}$ is 10.

Theorem 1.3 [22] $F_n \bmod p$ forms a periodic sequence. That is, the sequence keeps repeating its values periodically.

No direct formula for computing $l_p$ has been established yet. However, the following theorem gives a restriction on the possible values of $l_p$.

Theorem 1.4 [22] Let $l_p$ denote the period of the Fibonacci sequence modulo $p$. Then,
1. If $p$ is prime and $p \equiv \pm 1 \bmod 10$, then $l_p \mid p - 1$.
2. If $p$ is prime and $p \equiv \pm 3 \bmod 10$, then $l_p \mid 2(p + 1)$.

Lemma 1.5 [5] 5 is a quadratic residue modulo primes of the form $5t \pm 1$ and a quadratic non-residue modulo primes of the form $5t \pm 2$.

Lemma 1.6 [21] If a prime $p$ is of the form $5t \pm 1$, then $F_{p-1} \equiv 0$ and $F_p \equiv 1 \bmod p$. If a prime $p$ is of the form $5t \pm 2$, then $F_p \equiv -1$ and $F_{p+1} \equiv 0 \bmod p$.
Table 1 The table indicates the connection between the Pisano period ($l_p$), the index of the first term of the Fibonacci sequence which is zero ($\alpha(p)$), the least residue of the sequence ($s(p)$), and the number of zeros in a single period of the Fibonacci sequence computed in $\mathbb{F}_p$ (or equivalently the order $\beta(p)$ of $s(p)$ modulo the prime $p$)

| $p$ | $l_p$ | $\alpha(p)$ | $s(p)$ | $\beta(p)$ | The corresponding Fibonacci sequence |
|---|---|---|---|---|---|
| 7 | 16 | 8 | 6 | 2 | {0, 1, 1, 2, 3, 5, 1, 6, 0, 6, 6, 5, 4, 2, 6, 1} |
| 11 | 10 | 10 | 1 | 1 | {0, 1, 1, 2, 3, 5, 8, 2, 10, 1} |
| 13 | 28 | 7 | 8 | 4 | {0, 1, 1, 2, 3, 5, 8, 0, 8, 8, ..., 2, 12, 1} |
| 17 | 36 | 9 | 4 | 4 | {0, 1, 1, 2, 3, 5, 8, 13, 4, 0, 4, ..., 2, 16, 1} |
| 19 | 18 | 18 | 1 | 1 | {0, 1, 1, 2, 3, 5, 8, 13, 2, 15, 17, 13, 11, 5, 16, 2, 18, 1} |
| 23 | 48 | 24 | 22 | 2 | {0, 1, 1, 2, 3, 5, 8, 13, 21, ..., 2, 22, 1} |
Let $\alpha(p)$ denote the index of the first nonzero term of the Fibonacci sequence which is divisible by $p$. Let $s(p)$ be the least residue of $F_{\alpha(p)+1} \bmod p$ and let $\beta(p)$ denote the order of $s(p)$ modulo $p$, i.e., the smallest positive integer $\beta(p)$ such that $s(p)^{\beta(p)} \equiv 1 \bmod p$. See Table 1 for numerical examples of $\alpha(p)$, $\beta(p)$ and $s(p)$.

Theorem 1.7 [18] $l_p = \alpha(p)\,\beta(p)$.

As a result of Theorem 1.7, $\beta(p)$ can be considered as the number of zeros in a single period of the Fibonacci sequence computed in $\mathbb{F}_p$.

Theorem 1.8 [18] $l_p = \gcd(2, \beta(p)) \cdot \operatorname{lcm}[\alpha(p), \gamma(p)]$, where $\gamma(2) = 1$ and $\gamma(p) = 2$ for $p > 2$.

Corollary 1.9 [18]
1. $l_p$ is even for $p > 2$.
2. $\beta(p) = 1$, $2$, or $4$.

1.2 Error-correcting code basics

In this subsection, we present some basic theory about linear codes, especially cyclic codes. For further and more detailed information regarding this topic the reader may refer to [13].

Let $\mathbb{F}_p$ be a finite field with $p$ elements, where $p$ is prime, and let $\mathbb{F}_p^n$ be an $n$-dimensional vector space. A linear code $C$ of length $n$ over $\mathbb{F}_p$ is a subspace of $\mathbb{F}_p^n$. A subset $S$ of $\mathbb{F}_p^n$ is cyclic if $(a_{n-1}, a_0, a_1, \ldots, a_{n-2}) \in S$ whenever $(a_0, a_1, \ldots, a_{n-1}) \in S$. A linear code $C$ is called a cyclic code if $C$ is also a cyclic set.

Definition 1.10 [13] Let $\alpha$ be a primitive element of $\mathbb{F}_{p^m}$ and denote by $M^{(i)}(x)$ the minimal polynomial of $\alpha^i$ with respect to $\mathbb{F}_p$. A (primitive) BCH code over $\mathbb{F}_p$ of length $n = p^m - 1$ with designed distance $\delta$ is a $p$-ary cyclic code generated by $g(x) := \operatorname{lcm}(M^{(a)}(x), M^{(a+1)}(x), \ldots, M^{(a+\delta-2)}(x))$ for some integer $a$. Furthermore, the code is called narrow-sense if $a = 1$.

Definition 1.11 [13] A $p$-ary Reed Solomon code (RS code) is a $p$-ary BCH code of length $p - 1$ generated by $g(x) = (x - \alpha^{a+1})(x - \alpha^{a+2}) \cdots (x - \alpha^{a+\delta-1})$, with $a \ge 0$ and $2 \le \delta \le p - 1$, where $\alpha$ is a primitive element of $\mathbb{F}_p$.
To relate the combinatorial structure of cyclic codes with algebraic structures, the following map $\varphi$ is defined:

$$\varphi : \mathbb{F}_p^n \to \mathbb{F}_p[x]/(x^n - 1), \qquad \varphi(a_0, a_1, \ldots, a_{n-2}, a_{n-1}) = a_0 + a_1 x + \cdots + a_{n-2} x^{n-2} + a_{n-1} x^{n-1}. \tag{1}$$

$\mathbb{F}_p[x]/(x^n - 1)$ is a principal ideal ring, and $\varphi$ relates subspaces of $\mathbb{F}_p^n$ to ideals in $\mathbb{F}_p[x]/(x^n - 1)$. The following theorem states this connection:
Theorem 1.12 [13] Let $\varphi$ be the linear map defined in Eq. (1). Then a nonempty subset $C$ of $\mathbb{F}_p^n$ is a cyclic code if and only if $\varphi(C)$ is an ideal of $\mathbb{F}_p[x]/(x^n - 1)$.

Corollary 1.13 [13] The nonempty subset $C$ of $\mathbb{F}_p^n$ is a cyclic code of length $n$ if and only if $g(x) \mid x^n - 1$ and $\varphi(C) = \langle g(x) \rangle$.

Example 1.14 The code $C = \{000, 111, 222\}$ is a ternary cyclic code. The corresponding ideal in $\mathbb{F}_3[x]/(x^3 - 1)$ is $\varphi(C) = \{0, 1 + x + x^2, 2 + 2x + 2x^2\} = \langle 1 + x + x^2 \rangle$.

Since the minimum distance determines the error correction and detection capability of a code, it is an important parameter for codes, and determining it is a very difficult problem. There are, however, some bounds that help estimate the minimum distance of a code. Now, we present definitions and theorems regarding some special bounds that will be referred to in the sequel.

Definition 1.15 [13] (Singleton bound) If $C$ is a linear code with parameters $[n, k, d]$, then $k \le n - d + 1$.

Definition 1.16 [13] A linear code with parameters $[n, k, d]$ such that $k + d = n + 1$ is called a maximum distance separable (MDS) code.

The code presented in Example 1.14 is MDS.

Theorem 1.17 (Griesmer Bound) [13] Let $C$ be a $p$-ary code of parameters $[n, k, d]$, where $k \ge 1$. Then

$$n \ge \sum_{i=0}^{k-1} \left\lceil \frac{d}{p^i} \right\rceil.$$

Here, if $\alpha$ is a real number, then $\lceil \alpha \rceil$ denotes the smallest integer larger than or equal to $\alpha$ (the ceiling of $\alpha$).

Example 1.18 Let $C$ be a cyclic linear code generated by the polynomial $g(x) = x^{14} + 6x^{13} + 2x^{12} + 4x^{11} + 5x^{10} + 6x^9 + 6x^8 + 6x^6 + x^5 + 5x^4 + 3x^3 + 2x^2 + x + 1$ over $\mathbb{F}_7[x]/(x^{16} - 1)$. The code $C$ has parameters $[16, 2, 14]_7$. Thus, we have $16 \ge \sum_{i=0}^{1} \left\lceil \frac{14}{7^i} \right\rceil = 14 + 2 = 16$. So, the given code meets the Griesmer bound.

2 Cyclic codes obtained from Fibonacci polynomials

In this section, we study the cyclic codes that are generated by polynomials related to Fibonacci sequences.

Definition 2.1 [8] Let $S = \{s_0, s_1, \ldots\}$ be an arbitrary sequence over $\mathbb{F}_p$. Assume that $s_{i+n} + c_{n-1} s_{i+n-1} + \cdots + c_0 s_i = 0$ for some elements $c_0, c_1, \ldots, c_{n-1} \in \mathbb{F}_p$ and for all $i = 0, 1, \ldots$. Then the polynomial $x^n + c_{n-1} x^{n-1} + \cdots + c_1 x + c_0$ is called the characteristic polynomial of $S$. A characteristic polynomial of minimal degree is called the minimal polynomial of $S$.

For a periodic sequence $S = \{s_0, s_1, \ldots\}$ with a period $N$ we have $s_{i+N} - s_i = 0$, so $x^N - 1$ is a characteristic polynomial of $S$. If $N$ is a period of $S$, then the minimal polynomial of $S$ is

$$\frac{x^N - 1}{\gcd(x^N - 1,\; s_{N-1} x^{N-1} + \cdots + s_1 x + s_0)}.$$

Let $F = \{F_0, F_1, \ldots, F_n, \ldots\}$ denote the Fibonacci sequence over $\mathbb{F}_p$ and suppose that the period of this sequence is equal to $l$. The polynomial $f(x) = \sum_{i=0}^{l-1} F_i x^i \in \mathbb{F}_p[x]$ is called the Fibonacci polynomial of $F$ over $\mathbb{F}_p$.

Theorem 2.2 Let $f(x) \in \mathbb{F}_p[x]$ be the Fibonacci polynomial with period $l = p - 1$ and $\beta(p) = 1$. Then,
1. $(f(x), x^{p-1} - 1) = \frac{x^{p-1} - 1}{x^2 + x - 1} \in \mathbb{F}_p[x]$.
2. The cyclic code $C = \langle f(x) \rangle$ generated by $f(x)$ has dimension 2 and minimum distance $d = p - 2$.
3. $C = \langle f(x) \rangle$ is an MDS code of type $[p - 1, 2, p - 2]_p$.
Proof
1. By direct checking and applying the properties of the Fibonacci sequence we see that $f(x)(x^2 + x - 1) = x^l - x \in \mathbb{F}_p[x]$. Since $x \mid f(x)$ but $x \nmid x^{p-1} - 1$, we have $(f(x), x^{p-1} - 1) = \frac{x^{p-1} - 1}{x^2 + x - 1}$.
2. Let $g(x) = (f(x), x^{p-1} - 1) = \frac{x^{p-1} - 1}{x^2 + x - 1}$, and let $C$ be the cyclic code of length $p - 1$ generated by $g(x)$, with dimension $p - 1 - \deg(g(x)) = 2$. This code has exactly $p^2$ codewords. Since $g(x) = \frac{f(x)}{x}$, we have $w(f(x)) = w(g(x))$. Since the number of zeros in a single period of the given Fibonacci sequence is only one, we have $w(g(x)) = p - 2$. Also, $w(xg(x)) = p - 2$, where $xg(x) \in C$. The codeword $g(x)$ has the zero entry in its first coordinate and $xg(x)$ has the zero entry in its second coordinate. Suppose that a codeword $c(x) \in C$ has two entries with zeros. Then, $g(x)$, $xg(x)$, $c(x)$ will give a linearly independent subset of vectors in $C$, which is a contradiction to the dimension 2 of $C$.
3. Follows from the previous part and Definition 1.16.
Corollary 2.3 The codes given in Theorem 2.2 are RS codes.

Theorem 2.4 Let $f(x) \in \mathbb{F}_p[x]$ be the Fibonacci polynomial with period $l = p - 1$, $\beta(p) = 1$ and $C = \langle f(x) \rangle$. Then, the dual code of $C$, $C^\perp = \langle x^2 + x - 1 \rangle$, is an MDS code with parameters $[p - 1, p - 3, 3]_p$.

Proof Clearly, the length of $C^\perp$ is $p - 1$. Let us now determine the dimension and minimum distance of $C^\perp$. Since $C^\perp = \langle x^2 + x - 1 \rangle$, we have $\dim C^\perp = p - 1 - 2 = p - 3$. We know that $C$ is MDS, and so is $C^\perp$ [14]. By the Singleton bound, we have $p - 1 + 1 = p - 3 + d$. Thus, $d = 3$.
Corollary 2.5 Let $f(x) \in \mathbb{F}_p[x]$ be the Fibonacci polynomial with period $l = p - 1$.
1. If $\beta(p) = 2$, then $C = \langle f(x) \rangle$ is a cyclic code of type $[p - 1, 2, p - 3]_p$.
2. If $\beta(p) = 4$, then $C = \langle f(x) \rangle$ is a cyclic code of type $[p - 1, 2, p - 5]_p$.

Theorem 2.6 Let $f(x) \in \mathbb{F}_p[x]$ be the Fibonacci polynomial with period $l = 2p + 2$ and $\beta(p) = 2, 4$. Then,
1. $(f(x), x^{p-1} - 1) = \frac{x^{p-1} - 1}{x^2 + x - 1} \in \mathbb{F}_p[x]$.
2. The cyclic code $C = \langle f(x) \rangle$ generated by $f(x)$ has dimension 2 and minimum distance $d = 2p + 2 - \beta(p)$.
3. $C = \langle f(x) \rangle$ is a linear code of type $[2p + 2, 2, 2p + 2 - \beta(p)]_p$.
Proof Follows from Theorem 2.2.

Corollary 2.7 Let $f(x) \in \mathbb{F}_p[x]$ be the Fibonacci polynomial with period $l = 2p + 2$.
1. If $\beta(p) = 2$, then $C = \langle f(x) \rangle$ is an optimal code of type $[2p + 2, 2, 2p]_p$.
2. If $\beta(p) = 4$, then $C = \langle f(x) \rangle$ is a code of type $[2p + 2, 2, 2p - 2]_p$.

Proof
1. Since $\beta(p) = 2$, by Theorem 2.6, $C = \langle f(x) \rangle$ is a $[2p + 2, 2, 2p]_p$-code. Recall that the Griesmer bound for a linear code $C$ of type $[n, k, d]_p$ is $n \ge \sum_{i=0}^{k-1} \left\lceil \frac{d}{p^i} \right\rceil$. Thus we have $2p + 2 \ge \left\lceil \frac{2p}{p^0} \right\rceil + \left\lceil \frac{2p}{p^1} \right\rceil = 2p + 2$. So, $C = \langle f(x) \rangle$ is an optimal code.
2. Clearly, if $\beta(p) = 4$, then by Theorem 2.6, $C = \langle f(x) \rangle$ is a code of type $[2p + 2, 2, 2p - 2]_p$.
Lemma 2.8 Let $F_n$ be a Fibonacci sequence with period $l$ over $\mathbb{F}_p$. Then, there are $\frac{l - \beta(p)}{\beta(p)} - 1$ non-zero, non-multiple and different, two consecutive terms in a sequence.

Proof We know that there are $l - \beta(p)$ nonzero terms in a sequence, and if we obtain a zero term in a sequence, then the subsequent terms until another zero term must be a multiple of the preceding part of the sequence. So there are $\frac{l - \beta(p)}{\beta(p)} - 1$ non-zero, non-multiple and different, two consecutive terms in a sequence.
Theorem 2.9 The cyclic codes given in Theorems 2.2, 2.6 and Corollary 2.5 are constant one or two weight codes.

Proof Since the dimension of the given codes is 2, the generator matrix is of the form

$$G = \begin{pmatrix} f(x) \\ x f(x) \end{pmatrix}.$$

Thus, we can generate in total $p^2$ codewords from the generator matrix $G$, where clearly one of them is the all-zero vector. The number of nonzero coefficients of $f(x)$ is the same as that of $x f(x)$, and the weight of these codewords is $l - \beta(p)$. So, from the rows of the generator matrix $G$, we can obtain $2(p - 1)$ codewords of weight $l - \beta(p)$. Also, generalized Fibonacci sequences (for details see [9]) satisfy the following facts.
1. If we start with any two consecutive Fibonacci numbers for $a$ and $b$, $\bar{G}(a, b, i)$ will be essentially the same as the Fibonacci sequence but with its indices changed. The general rule is

$$\bar{G}(f(k), f(k + 1), i) = f(i + k). \tag{2}$$

2. Multiplying all the terms by $k$ gives the same sequence as the one with starting values $ka$ and $kb$:

$$\bar{G}(ka, kb, i) = k\,\bar{G}(a, b, i). \tag{3}$$

Eq. (2) says that if we start with any two consecutive Fibonacci numbers, then we obtain codewords whose weights are the same as those of the codewords of the form $f(x)$. By Lemma 2.8, there are $\frac{l - \beta(p)}{\beta(p)} - 1$ non-zero, non-multiple and different, two consecutive terms in a Fibonacci sequence mod $p$. Also from Eq. (3), there are $p - 1$ multiples of each non-zero two consecutive terms. Then, we have $\left(\frac{l - \beta(p)}{\beta(p)} - 1\right)(p - 1)$ codewords which have the same weight as $f(x)$. Therefore, the total number of codewords of weight $l - \beta(p)$ is

$$2(p - 1) + \left(\frac{l - \beta(p)}{\beta(p)} - 1\right)(p - 1).$$

Since the minimum weight of the codes given in Theorems 2.2, 2.6 and Corollary 2.5 is $d = l - \beta(p)$, the other weights of the codewords must be $l$, because every Fibonacci sequence mod $p$ has $\beta(p)$ parts and all these parts have the same weight. Thus, the number of codewords of weight $l$ is

$$p^2 - 1 - \left[2(p - 1) + \left(\frac{l - \beta(p)}{\beta(p)} - 1\right)(p - 1)\right].$$

Corollary 2.10 Let $A_w$ denote the number of codewords with Hamming weight $w$ in the codes given in Theorems 2.2, 2.6 and Corollary 2.5. Then the weight distribution of these codes is given in Tables 2, 3 and 4.
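Added example (not code from the paper): a brute-force check of the weight distributions stated in Corollary 2.10 and of the quantities $l_p$, $\alpha(p)$, $s(p)$, $\beta(p)$ from Table 1, enumerating all $p^2$ codewords spanned by $f(x)$ and $x f(x)$ as in the proof of Theorem 2.9. The function names are illustrative choices made here.

```python
from collections import Counter
from itertools import product


def fibonacci_period(p):
    """One period (F_0, ..., F_{l-1}) of the Fibonacci sequence in F_p."""
    seq = [0, 1]
    while len(seq) == 2 or seq[-2:] != [0, 1]:
        seq.append((seq[-1] + seq[-2]) % p)
    return seq[:-2]  # drop the repeated (0, 1) that marks the next period


def pisano_data(p):
    """Return (l_p, alpha(p), s(p), beta(p)) as defined before Theorem 1.7."""
    seq = fibonacci_period(p)
    l = len(seq)
    # alpha(p): index of the first F_i with i > 0 that is 0 mod p
    alpha = next(i for i in range(1, l + 1) if seq[i % l] == 0)
    s = seq[(alpha + 1) % l]          # least residue of F_{alpha+1}
    beta, power = 1, s                # beta(p): multiplicative order of s(p)
    while power != 1:
        power = power * s % p
        beta += 1
    return l, alpha, s, beta


def weight_distribution(p):
    """Hamming weight distribution {w: A_w} of C = <f(x)> in F_p[x]/(x^l - 1)."""
    f = fibonacci_period(p)
    xf = f[-1:] + f[:-1]              # cyclic shift = multiplication by x
    dist = Counter()
    for a, b in product(range(p), repeat=2):   # all p^2 codewords a*f + b*xf
        dist[sum((a * u + b * v) % p != 0 for u, v in zip(f, xf))] += 1
    return dict(dist)


def griesmer_bound(k, d, p):
    """Right-hand side of Theorem 1.17: sum of ceil(d / p^i) for i = 0..k-1."""
    return sum(-(-d // p**i) for i in range(k))


def classify(p):
    """Parameters [n, k, d] of the Fibonacci code and the two optimality tests."""
    dist = weight_distribution(p)
    n, k = len(fibonacci_period(p)), 2
    d = min(w for w in dist if w > 0)
    return {"params": (n, k, d),
            "mds": k + d == n + 1,                      # Definition 1.16
            "griesmer": n == griesmer_bound(k, d, p)}   # meets Theorem 1.17


if __name__ == "__main__":
    for p in (7, 11, 13, 19):
        print(p, pisano_data(p), classify(p), weight_distribution(p))
```
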
2.1 Cyclic codes from generalized Fibonacci polynomials

If we take $F_0 = 2$ and $F_1 = 1$ as initial values for the Fibonacci sequence, then we obtain the well-known Lucas sequence. A natural problem then is to figure out the structure of cyclic codes if they are defined in a more general setting, with general initial values, that is, from generalized Fibonacci sequences. Let $f(x)$ be a generalized Fibonacci polynomial with $F_0 = a$ and $F_1 = b$. Then, $f(x)(x^2 + x - 1) = ax^{p+1} + ax - a + bx^p - bx$. If we consider this polynomial as the generator polynomial of a cyclic code, i.e., as the generator polynomial of an ideal in $\mathbb{F}_p[x]/(x^{p-1} - 1)$, then this means that

$$f(x)(x^2 + x - 1) = ax^2 + ax - a + bx - bx = a(x^2 + x - 1) \mod x^{p-1} - 1.$$
Table 2 The weight distribution of the codes given in Theorem 2.2 for $\beta(p) = 1$

| Length | Weight $w$ | Multiplicity $A_w$ |
|---|---|---|
| $l = p - 1$ | $0$ | $1$ |
| | $p - 2$ | $(p - 1)^2$ |
| | $p - 1$ | $2(p - 1)$ |

Table 3 The weight distribution of the codes given in Corollary 2.5 and Theorem 2.6 for $\beta(p) = 2$

| Length | Weight $w$ | Multiplicity $A_w$ |
|---|---|---|
| $l = p - 1$ | $0$ | $1$ |
| | $p - 3$ | $\frac{(p-1)^2}{2}$ |
| | $p - 1$ | $\frac{(p-1)(p+3)}{2}$ |
| $l = 2p + 2$ | $0$ | $1$ |
| | $2p$ | $p^2 - 1$ |

Table 4 The weight distribution of the codes given in Corollary 2.5 and Theorem 2.6 for $\beta(p) = 4$

| Length | Weight $w$ | Multiplicity $A_w$ |
|---|---|---|
| $l = p - 1$ | $0$ | $1$ |
| | $p - 5$ | $\frac{(p-1)^2}{4}$ |
| | $p - 1$ | $\frac{(p-1)(3p+5)}{4}$ |
| $l = 2p + 2$ | $0$ | $1$ |
| | $2p - 2$ | $\frac{p^2-1}{2}$ |
| | $2p + 2$ | $\frac{p^2-1}{2}$ |
Table 5 Extended Fibonacci sequences computed in $\mathbb{F}_7$ and $\mathbb{F}_{13}$

| $p$ | $l_p$ | $\beta(p)$ | The corresponding extended Fibonacci sequence |
|---|---|---|---|
| 7 | 48 | 12 | {0, 1, 1, 2, 4, 0, 6, 3, 2, 4, 2, ..., 2, 2, 4, 1, 0, 5, 6, 4, 1, 4, 2, 0, 6, 1, 0} |
| 13 | 168 | 18 | {0, 1, 1, 2, 4, 7, 0, 11, 5, 3, 6, 1, 10, 4, ..., 4, 1, 10, 2, 0, 12, 1, 0} |
Hence, if $a \neq 0$, then $a$ is a unit in the ring $R = \mathbb{F}_p[x]/(x^{p-1} - 1)$ (or equivalently $(f(x), x^{p-1} - 1) = 1$) and thus $\langle f(x) \rangle = R$. So, the only cases in which we get a nontrivial cyclic code from generalized Fibonacci polynomials are the cases where $a = 0$. When $a = 0$, all cyclic codes (ideals) are the same. So the Fibonacci polynomial codes, which we have already studied above, are the only interesting ones among this family.
2.2 Cyclic codes from extended Fibonacci polynomials

Let $E_0 = 0$ and $E_1 = \cdots = E_{r-1} = 1$ be elements of a finite field $\mathbb{F}_p$. Then, the sequence defined by $E_n = \sum_{j=n-r}^{n-1} E_j$ for $n \ge r$ is called the extended Fibonacci sequence in $\mathbb{F}_p$. For example, for $r = 3$ the extended Fibonacci sequence computed in $\mathbb{F}_3$ (for examples over $\mathbb{F}_7$ and $\mathbb{F}_{13}$ see Table 5) is 0, 1, 1, 2, 1, 1, 1, 0, 2, 0, 2, 1, 0, 0, 1, 1, ...

Let $E = \{E_0, E_1, \ldots, E_l, \ldots\}$ denote the extended Fibonacci sequence over $\mathbb{F}_p$ and suppose that the period of this sequence is equal to $l$. The polynomial $t(x) = \sum_{i=0}^{l-1} E_i x^i \in \mathbb{F}_p[x]$ is called the extended Fibonacci polynomial of $E$ over $\mathbb{F}_p$.

Theorem 2.11 Let $p = 7, 13$ and let $t(x) \in \mathbb{F}_p[x]$ be the extended Fibonacci polynomial with period $l = p^{r-1} - 1$, and let $\beta(p)$ be the number of zeros of the given extended Fibonacci sequence. Then, the cyclic code $C = \langle t(x) \rangle$ generated by $t(x)$ has dimension $r$ and minimum distance $d = p^{r-1} - 1 - \beta(p)$. So, $C = \langle t(x) \rangle$ is a linear code of type $[p^{r-1} - 1, r, p^{r-1} - 1 - \beta(p)]_p$.
2.3 Examples

In this section, we present some concrete examples of the theoretical part established in the previous sections.

Example 2.12 For $p = 7$ and $r = 3$ we have the extended Fibonacci sequence

$$E = \{0, 1, 1, 2, 4, 0, 6, 3, 2, 4, \ldots, 0, 6, 1, 0, 0, 1, 1, \ldots\} \tag{4}$$

with $l = 48$ and $\beta(p) = 12$. Then by Theorem 2.11 there exists a cyclic code of parameters $[48, 3, 36]_7$.
Example 2.13 For $p = 11$, we have $F = \{0, 1, 1, 2, 3, 5, 8, 2, 10, 1, 0, 1, \ldots\}$ and hence the period of $F$, $l_{11}$, is 10 and $\alpha(11) = 10$. By Theorem 1.7, $10 = 10\,\beta(11)$; thus, $\beta(11) = 1$. Also, from Theorem 2.2, the cyclic linear code $C$ generated by $f(x)$ is an MDS code of parameters $[10, 2, 9]_{11}$ and weight polynomial $u^{10} + 100uv^9 + 20v^{10}$. Indeed, the Fibonacci polynomial of $F$ is $f(x) = x + x^2 + 2x^3 + 3x^4 + 5x^5 + 8x^6 + 2x^7 + 10x^8 + x^9$, and the minimal polynomial of $F$ is $g(x) = \gcd(f(x), x^{10} - 1) = \frac{x^{10} - 1}{x^2 + x - 1} = x^8 + 10x^7 + 2x^6 + 8x^5 + 5x^4 + 3x^3 + 2x^2 + x + 1$. The generator matrix of $C$ is the following:

$$G = \begin{pmatrix} 1 & 0 & 1 & 1 & 2 & 3 & 5 & 8 & 2 & 10 \\ 0 & 1 & 1 & 2 & 3 & 5 & 8 & 2 & 10 & 1 \end{pmatrix}. \tag{5}$$

Moreover, by Theorem 2.4, the dual code of $C$, $C^\perp$, is also an MDS code with parameters $[10, 8, 3]_{11}$ and generator matrix:

$$H = \begin{pmatrix}
1 & 0 & 0 & 0 & 0 & 0 & 0 & 0 & 10 & 10 \\
0 & 1 & 0 & 0 & 0 & 0 & 0 & 0 & 10 & 9 \\
0 & 0 & 1 & 0 & 0 & 0 & 0 & 0 & 9 & 8 \\
0 & 0 & 0 & 1 & 0 & 0 & 0 & 0 & 8 & 6 \\
0 & 0 & 0 & 0 & 1 & 0 & 0 & 0 & 6 & 3 \\
0 & 0 & 0 & 0 & 0 & 1 & 0 & 0 & 3 & 9 \\
0 & 0 & 0 & 0 & 0 & 0 & 1 & 0 & 9 & 1 \\
0 & 0 & 0 & 0 & 0 & 0 & 0 & 1 & 1 & 10
\end{pmatrix}. \tag{6}$$
Example 2.14 For $p = 19$, we have $F = \{0, 1, 1, 2, 3, 5, 8, 13, 2, 15, 17, 13, 11, 5, 16, 2, 18, 1, 0, 1, \ldots\}$ and hence we have $l_{19} = 18$, $\alpha(19) = 18$, and by Theorem 1.7, $18 = 18\,\beta(19)$; thus, $\beta(19) = 1$. From Theorem 2.2, the cyclic linear code $C$ generated by $f(x)$ is an MDS code with parameters $[18, 2, 17]_{19}$ and weight polynomial $u^{18} + 324uv^{17} + 36v^{18}$. Indeed, the Fibonacci polynomial of $F$ is $f(x) = x + x^2 + 2x^3 + 3x^4 + 5x^5 + 8x^6 + 13x^7 + 2x^8 + 15x^9 + 17x^{10} + 13x^{11} + 11x^{12} + 5x^{13} + 16x^{14} + 2x^{15} + 18x^{16} + x^{17}$, and the minimal polynomial of $F$ is $g(x) = \gcd(f(x), x^{18} - 1) = \frac{x^{18} - 1}{x^2 + x - 1} = x^{16} + 18x^{15} + 2x^{14} + 16x^{13} + 5x^{12} + 11x^{11} + 13x^{10} + 17x^9 + 15x^8 + 2x^7 + 13x^6 + 8x^5 + 5x^4 + 3x^3 + 2x^2 + x + 1$. Furthermore, by Theorem 2.4, the dual code of $C$, $C^\perp$, is also an MDS code of type $[18, 16, 3]_{19}$.

Example 2.15 If we take $p = 7$, then $F = \{0, 1, 1, 2, 3, 5, 1, 6, 0, 6, 6, 5, 4, 2, 6, 1, 0, 1, \ldots\}$ and hence we have $l = 16$, $\alpha(7) = 8$, and by Theorem 1.7, $16 = 8\,\beta(7)$, so $\beta(7) = 2$. By Theorem 2.6 and Corollary 2.7, $C$ is an optimal code of type $[16, 2, 14]_7$ with weight polynomial $u^{16} + 48u^2v^{14}$. Actually, the Fibonacci polynomial of $F$ is $f(x) = x + x^2 + 2x^3 + 3x^4 + 5x^5 + x^6 + 6x^7 + 6x^9 + 6x^{10} + 5x^{11} + 4x^{12} + 2x^{13} + 6x^{14} + x^{15}$, and the minimal polynomial of $F$ is $g(x) = \gcd(f(x), x^{16} - 1) = \frac{x^{16} - 1}{x^2 + x - 1} = x^{14} + 6x^{13} + 2x^{12} + 4x^{11} + 5x^{10} + 6x^9 + 6x^8 + 6x^6 + x^5 + 5x^4 + 3x^3 + 2x^2 + x + 1$. This code attains the Griesmer bound and hence it is an optimal code.

3 Fibonacci codes and secret-sharing schemes

3.1 Secret sharing schemes from codes

A secret sharing system is a method of distributing secret data to finitely many participants with the aim that a designed number of participants, or designed participants, can recover the data. In this system, the secret data $s$ is divided into shares and distributed to participants from the set $P = \{P_1, P_2, \ldots, P_{n-1}\}$ in such a way that only authorized subsets of $P$ can reconstruct the secret, whereas unauthorized subsets cannot reconstruct the secret. There are several secret sharing systems in the literature [3,4,16,19]. One of them is based on coding theory. In 1993, Massey showed that every linear code can be used to construct a secret sharing scheme [15]. Let us now recall the system given by Massey.

Let $C$ be an $[n, k, d]$ linear code over the finite field $\mathbb{F}_p$ and let $G = [g_0, g_1, \ldots, g_{n-1}]$ be a generator matrix of $C$, where the $g_i$ are the column vectors of $G$. In this system, the column vectors of $G$ are nonzero. The dealer, who is the person building the system, randomly chooses a vector $u = (u_0, u_1, \ldots, u_{k-1}) \in \mathbb{F}_p^k$ to generate the codeword $uG = (v_0, v_1, \ldots, v_{n-1})$. The dealer picks the first coordinate of a codeword as a secret,
i.e., $s = v_0 = ug_0$, and distributes $v_i$ to participant $P_i$ as a share for $1 \le i \le n - 1$. Since $s = v_0 = ug_0$, it is easily seen that the set of shares $\{v_{i_1}, v_{i_2}, \ldots, v_{i_t}\}$ determines the secret $s$ if and only if $g_0$ is a linear combination of $g_{i_1}, g_{i_2}, \ldots, g_{i_t}$. To recover the secret $s$, firstly the linear equation $g_0 = \sum_{j=1}^{t} x_j g_{i_j}$ is solved and the $x_j$ are found, then the secret is computed by

$$v_0 = ug_0 = \sum_{j=1}^{t} x_j u g_{i_j} = \sum_{j=1}^{t} x_j v_{i_j}.$$
Definition 3.1 [15] Let $v$ be a vector of length $n$ over $\mathbb{F}_p$. The support of $v$ is defined as $\operatorname{supp}(v) = \{0 \le i \le n - 1 : v_i \neq 0\}$. We say that a vector $v_2$ covers a vector $v_1$ if the support of $v_2$ contains that of $v_1$, i.e., $\operatorname{supp}(v_1) \subseteq \operatorname{supp}(v_2)$.

Definition 3.2 [15] A nonzero vector $c$ is called minimal if it only covers its scalar multiples. If the first component of a minimal vector $c$ is 1, then the vector $c$ is called a minimal codeword.

Definition 3.3 [12] The family of all authorized subsets of $P$ is called the access structure of the scheme. Authorized subsets of $P$ are called minimal access sets if they can reconstruct the secret $s$, but none of their proper subsets can reconstruct the secret $s$.

Hence, we have the following main lemma:

Lemma 3.4 [15] Let $C$ be an $[n, k, d]$ linear code over the finite field $\mathbb{F}_p$ and let $C^\perp$ be the dual code of $C$. In the secret sharing scheme based on $C$, a set of shares $\{v_{i_1}, v_{i_2}, \ldots, v_{i_t}\}$ recovers the secret $s$ if and only if there is a codeword in $C^\perp$ of the form $(1, 0, \ldots, 0, c_{i_1}, 0, \ldots, c_{i_t}, 0, \ldots, 0)$, where $c_{i_j} \neq 0$ for at least one $j$, $1 \le i_1 < \cdots < i_m \le n - 1$ and $1 \le m \le n - 1$.

From Lemma 3.4, it is clear that there is a one-to-one correspondence between the set of minimal access sets and the set of minimal codewords. But it is very hard to find the minimal codewords of linear codes in general.

3.2 Access structures from Fibonacci codes

In this section, we consider the secret sharing schemes obtained from Fibonacci codes whose minimal codewords can be characterized. Let us recall two lemmas from the literature which state the main results on how to determine the access structure.

Lemma 3.5 [1,2] Let $C$ be an $[n, k, d]$ code over $\mathbb{F}_p$. Let $w_{\min}$, $w_{\max}$ be the minimum and maximum nonzero weights of $C$, respectively. If

$$\frac{w_{\min}}{w_{\max}} > \frac{p - 1}{p},$$

then each nonzero codeword of $C$ is a minimal vector.

Lemma 3.5 states that if the weights of a linear code are close enough to each other, then each nonzero codeword of the code is minimal. The following lemma characterizes the minimal access sets of $C$ when each nonzero codeword is a minimal vector.

Lemma 3.6 [6] Let $C$ be an $[n, k, d]$ code over $\mathbb{F}_p$, and let $G = [g_0, g_1, \ldots, g_{n-1}]$ be its generator matrix. If each nonzero codeword of $C$ is a minimal vector, then in the secret sharing scheme based on $C^\perp$, there are altogether $p^{k-1}$ minimal access sets. In addition, we have the following:
1. If $g_i$ is a multiple of $g_0$, $1 \le i \le n - 1$, then participant $P_i$ must be in every minimal access set. Such a participant is called a dictatorial participant.
2. If $g_i$ is not a multiple of $g_0$, $1 \le i \le n - 1$, then participant $P_i$ must be in $(p - 1)p^{k-2}$ out of $p^{k-1}$ minimal access sets.

Theorem 3.7 From Corollary 2.10 and Table 3, in the secret sharing scheme based on the dual code of the code with parameters $[2p + 2, 2, 2p]$ over $\mathbb{F}_p$, there are $p$ minimal access sets and $P_{p+1}$ is a dictatorial participant. Furthermore, each of the other participants $P_i$ is involved in $(p - 1)$ minimal access sets.

Proof The codes of parameters $[2p + 2, 2, 2p]$ are one weight codes, and by Lemma 3.5 all codewords of such codes are minimal. Thus, from Lemma 3.6 there are $p^{2-1} = p$ minimal access sets. Also, from the Fibonacci sequence mod $p$ and $\beta(p) = 2$, we have two multiple parts in a sequence. So, the column $g_{p+1}$ is a multiple of $g_0$. This means that $P_{p+1}$ is a dictatorial participant. The other remaining participants are involved in $(p - 1)p^{2-2} = (p - 1)$ minimal access sets.

Example 3.8 The code $C$ given in Example 2.15 has parameters $[16, 2, 14]$ with the following weight distribution: $u^{16} + 48u^2v^{14}$. In the secret sharing scheme based on the dual code of $C$, the number of minimal access sets is 7, and the list of all these minimal access sets is as follows:
{2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15},
{1, 2, 3, 4, 5, 6, 8, 9, 10, 11, 12, 13, 14},
{1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 13, 15},
{1, 2, 4, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15},
{1, 2, 3, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15},
{1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 12, 14, 15},
{1, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15},
where {2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15} denotes the access set $\{P_2, P_3, P_4, P_5, P_6, P_7, P_8, P_{10}, P_{11}, P_{12}, P_{13}, P_{14}, P_{15}\}$. In this example, $P_8$ is a dictatorial participant and each participant is involved in exactly 6 minimal access sets.

Theorem 3.9 From Corollary 2.10 and Table 2, in the secret sharing schemes based on the dual code of the code of parameters $[p - 1, 2, p - 2]$ over $\mathbb{F}_p$, there are $p - 2$ minimal access sets. Furthermore, each participant $P_i$ is involved in $(p - 3)$ minimal access sets.

Proof From Table 2, it is easily seen that the codewords of weight $p - 2$ whose first component is 1 are minimal codewords. We have in total $\frac{p^2}{p} = p$ codewords whose first component is 1. We should remove the full weight codewords whose first component is 1 to get minimality. There are $2(p - 1)$ codewords which have weight $p - 1$. So, there are $\frac{2(p-1)}{p-1} = 2$ such codewords whose first component is 1. This gives us the total number of the codewords of weight $p - 2$ whose first component is 1. Consequently, we have $p - 2$ minimal codewords. Therefore, there are $p - 2$ minimal access sets.

Second part of proof If we fix $i$, $1 \le i \le p - 2$, participant $P_i$ is involved in $p - 2$ minimal access sets. In this case, we can choose the remaining participants to recover the key in $\binom{p-3}{p-4} = p - 3$ ways. This is a contradiction to $p - 2$ minimal access sets. Thus each participant $P_i$ is involved in $(p - 3)$ minimal access sets.
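Added example (not code from the paper): Massey's scheme of Section 3.1 run on the dual of the Fibonacci code, using the codeword criterion of Lemma 3.4 to list the minimal access sets and to recover the secret; it reproduces the seven sets of Example 3.8 for $p = 7$ and the count $p - 2$ of Theorem 3.9 for $p = 11$. The function names are illustrative, and the generator matrix of $C^\perp$ is built here from the recurrence $c_{i+2} = c_{i+1} + c_i$ that every codeword of $C$ satisfies, which is a choice made for this example.

```python
import secrets
from itertools import product


def fibonacci_period(p):
    """One period (F_0, ..., F_{l-1}) of the Fibonacci sequence in F_p."""
    seq = [0, 1]
    while len(seq) == 2 or seq[-2:] != [0, 1]:
        seq.append((seq[-1] + seq[-2]) % p)
    return seq[:-2]


def fibonacci_code(p):
    """All p^2 codewords of C = <f(x)>, spanned by f and its cyclic shift x*f."""
    f = fibonacci_period(p)
    xf = f[-1:] + f[:-1]
    return [tuple((a * u + b * v) % p for u, v in zip(f, xf))
            for a, b in product(range(p), repeat=2)]


def dual_generator(p):
    """Generator matrix of C^perp (assumption of this example): the rows
    -e_i - e_{i+1} + e_{i+2} encode c[i+2] = c[i+1] + c[i], so they are
    orthogonal to C, and the l - 2 rows are linearly independent."""
    l = len(fibonacci_period(p))
    rows = []
    for i in range(l - 2):
        row = [0] * l
        row[i], row[i + 1], row[i + 2] = p - 1, p - 1, 1
        rows.append(row)
    return rows


def deal(p):
    """Dealer: random u, codeword v = u*H in C^perp; v[0] is the secret and
    v[i] is the share of participant P_i for i >= 1."""
    H = dual_generator(p)
    u = [secrets.randbelow(p) for _ in H]
    v = [sum(ui * row[j] for ui, row in zip(u, H)) % p for j in range(len(H[0]))]
    return v[0], {i: v[i] for i in range(1, len(v))}


def minimal_access_sets(p):
    """Lemma 3.4 for the scheme on C^perp: a set is authorized iff it contains
    supp(c) minus {0} for some c in C with c[0] = 1; keep the inclusion-minimal ones."""
    supports = {frozenset(i for i, ci in enumerate(c) if ci and i)
                for c in fibonacci_code(p) if c[0] == 1}
    return sorted((s for s in supports if not any(t < s for t in supports)),
                  key=sorted)


def recover(p, shares):
    """Recover the secret from {participant index: share}; None if unauthorized.
    For c in C with c[0] = 1 and v in C^perp, <c, v> = 0 gives
    v[0] = -sum_{i >= 1} c[i] * v[i]."""
    for c in fibonacci_code(p):
        needed = [i for i, ci in enumerate(c) if ci and i]
        if c[0] == 1 and all(i in shares for i in needed):
            return -sum(c[i] * shares[i] for i in needed) % p
    return None


if __name__ == "__main__":
    secret, shares = deal(7)          # constructed run with a random secret
    for s in minimal_access_sets(7):
        print(sorted(s), recover(7, {i: shares[i] for i in s}) == secret)
```
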
We only state the following corollaries and skip their proofs, since they can be proved similarly to Theorems 3.7 and 3.9.

Corollary 3.10 From Corollary 2.10 and Table 3, in the secret sharing scheme based on the dual code of the code of parameters $[p - 1, 2, p - 3]$ over $\mathbb{F}_p$, there are $\frac{p-3}{2}$ minimal access sets and $P_{\frac{p-1}{2}}$ is a dictatorial participant. Furthermore, each of the other participants $P_i$ is involved in $\frac{p-5}{2}$ minimal access sets.

Corollary 3.11 From Corollary 2.10 and Table 4, in the secret sharing schemes based on the dual code of the code of parameters $[p - 1, 2, p - 5]$ over $\mathbb{F}_p$, there are $\frac{p-5}{4}$ minimal access sets and $P_{\frac{p-1}{4}}, P_{\frac{p-1}{2}}, P_{\frac{3(p-1)}{4}}$ are dictatorial participants. Furthermore, each of the other participants $P_i$ is involved in $\frac{p-9}{4}$ minimal access sets.
Corollary 3.12 From Corollary 2.10 and Table 4, in the secret sharing schemes based on the dual code of the code of parameters $[2p + 2, 2, 2p - 2]$ over $\mathbb{F}_p$, there are $\frac{p-1}{2}$ minimal access sets and $P_{\frac{p+1}{2}}, P_{p+1}, P_{\frac{3(p+1)}{2}}$ are dictatorial participants. Furthermore, each of the other participants $P_i$ is involved in $\frac{p-3}{2}$ minimal access sets.

Example 3.13 For $\beta(p) = 1$ and $l = p - 1$, we have a linear code of parameters $[10, 2, 9]_{11}$ given in Example 2.13. From Theorem 3.9, there are $p - 2 = 9$ minimal access sets, and the list of all these minimal access sets is as follows:
{2, 3, 4, 5, 6, 7, 8, 9},
{1, 2, 3, 4, 5, 6, 7, 8},
{1, 2, 3, 4, 5, 6, 7, 9},
{1, 2, 3, 5, 6, 7, 8, 9},
{1, 2, 4, 5, 6, 7, 8, 9},
{1, 2, 3, 4, 6, 7, 8, 9},
{1, 2, 3, 4, 5, 6, 8, 9},
{1, 2, 3, 4, 5, 7, 8, 9},
{1, 3, 4, 5, 6, 7, 8, 9}.
In this example, each participant is involved in exactly $p - 3 = 8$ minimal access sets.

Example 3.14 Let $\beta(p) = 4$ and $p = 13$. By Theorem 2.6, we have a linear code of parameters $[28, 2, 24]_{13}$. The weight polynomial of the given code is $u^{28} + 84u^4v^{24} + 84v^{28}$. From Corollary 3.12, there are $\frac{p-1}{2} = 6$ minimal access sets and $P_7, P_{14}, P_{21}$ are dictatorial participants. The list of all these minimal access sets is as follows:
{2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 23, 24, 25, 26, 27},
{1, 2, 3, 4, 5, 7, 8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 19, 21, 22, 23, 24, 25, 26},
{1, 2, 3, 4, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 25, 27},
{1, 2, 4, 5, 6, 7, 8, 9, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 25, 26, 27},
{1, 2, 3, 5, 6, 7, 8, 9, 10, 12, 13, 14, 15, 16, 17, 19, 20, 21, 22, 23, 24, 26, 27},
{1, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27}.

4 Conclusion

In this paper, we studied the cyclic codes with generator polynomials derived from Fibonacci sequences modulo a prime $p$. We showed that such cyclic codes enjoy very good properties, as they give examples of MDS and optimal cyclic codes. Also, we were able to determine all parameters of such codes. Finally, we presented applications to secret sharing schemes via Fibonacci codes.
Acknowledgements This research is partially supported by TUBITAK-ARDEB under the project with Grant number 114F388.

Open Access This article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.